Table of Contents:
The basics of the Remote Desktop Protocol (RDP)
A possible fix: Changing the RDP port in Windows
Lock down your RDP port with Cameyo
Given the exponential rise in ransomware attacks in recent years, organizations are taking security more seriously than ever. At the top of their to-do list is mitigating some of the inherent risk in the Remote Desktop Protocol (RDP). Since 2018, RDP has been the primary vector in half of all ransomware attacks, according to the cybersecurity research firm Palo Alto Networks.
The basics of the Remote Desktop Protocol (RDP)
Before we dive into a potential fix for Remote Desktop Protocol vulnerabilities, it’s important to understand what it is and why it’s used. Otherwise you could risk breaking essential functionality.
RDP is the set of network rules used for communication between Microsoft’s Terminal Server and the Terminal Server Client, which is a widely used means of providing remote desktop functionality to end users.
Whenever you have Remote Desktop Services enabled on any Windows server, it has RDP port number 3389 open by default. That standardization is helpful from a networking perspective, but it also makes that port number very attractive to malicious actors. They know there’s a good chance that 3389 is going to be perpetually open as a listening port, especially among enterprise or distributed organizations, and they’ll try to use it as a way to deliver a ransomware payload or DDoS attack.
So, to eliminate the problem, should you just disable RDP? Well, not exactly. The Remote Desktop Protocol is used by any number of applications that tap into Windows Server, and disabling it would mean losing essential services. It would make about as much sense as removing the engine of your car to make it less attractive to thieves.
A possible fix: Changing the RDP port in Windows
One way to thwart some of the less ambitious hackers and bots is to change the default RDP port number to something other than 3389. This is a good idea for both Windows clients and Windows Server, given that both use the same listening port for Remote Desktop Connection traffic.
Please note that this involves making fundamental system tweaks in the Windows Registry Editor. As a result, it could have knock-on effects for your device- and network-level firewall settings, which means that features related to remote desktop could break. Before starting, be absolutely sure you have a Windows registry backup and enough technical skill to reverse the steps below if that happens.
Bearing that caveat in mind, here are the basic steps to take to change the RDP port on a Windows machine.
- Double-click on the Windows Start button. Type in “regedit” (don’t worry if there’s not a dedicated text entry field) and then press Enter. This will launch the Registry Editor.
- In the Registry Editor, look for HKEY_LOCAL_MACHINE in the navigation sidebar. Navigate to HKEY_LOCAL_MACHINE\SYSTEM by extending the drop-down list. From there, keep extending the drop-downs next to CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp.
- Click on RDP-Tcp. That will open up a list of items in the main window.
- Find the DWORD value named “PortNumber”. Right-click on the PortNumber value and select “Modify…”
- You’ll see a dialog with three fields: Value name, Value data and Base. Change the base to Decimal. In the Value data field, enter a new port number between 1025 and 65535. Make sure that the new remote desktop port number you choose is not already in use by another application or service.
- Click OK, then reboot the computer.
All being well, you will have now successfully changed the default RDP port on your Windows machine. An important thing to remember is that, with Windows Server, you’ll need to update your Windows firewall rules and also mimic this change across any clients that are still using the default RDP port. If you’ve only made the change on a Windows client machine, you’ll have to manually update the Remote Desktop client the next time you connect. This is done by adding a colon and the new RDP port number after the machine’s hostname or IP address (e.g., “hostname:1234”).
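The same change can be scripted from an elevated PowerShell session. This is an added example, not part of the original article: it backs up the RDP-Tcp key, refuses a port that is already listening, opens the new port in Windows Firewall and then writes PortNumber. The port 3390, the backup path and the firewall rule names are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Registry Editor steps above.
# $NewPort, $Backup and the rule display names are illustrative assumptions.
param(
    [ValidateRange(1025, 65535)]
    [int]$NewPort = 3390,                                  # constructed sample value
    [string]$Backup = "$env:TEMP\RDP-Tcp-backup.reg"       # hypothetical backup location
)

$ErrorActionPreference = 'Stop'
$RegKey  = 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$KeyPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

# Refuse a port that another application or service is already listening on.
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue |
    Select-Object -First 1
if ($inUse) {
    throw "TCP port $NewPort is already in use by PID $($inUse.OwningProcess)."
}

# Back up the key first so the change can be reverted with "reg import".
reg.exe export $RegKey $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

$oldPort = (Get-ItemProperty -Path $KeyPath -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort (backup saved to $Backup)"

# Open the new port in Windows Firewall before switching, so the host stays
# reachable after the reboot. Narrow these rules with -Profile or -RemoteAddress
# to match your own network.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "RDP custom port ($proto $NewPort)" `
        -Direction Inbound -Action Allow -Protocol $proto -LocalPort $NewPort | Out-Null
}

# Write the new listening port as a DWORD, then read it back to confirm.
Set-ItemProperty -Path $KeyPath -Name PortNumber -Value $NewPort -Type DWord
$check = (Get-ItemProperty -Path $KeyPath -Name PortNumber).PortNumber
if ($check -ne $NewPort) {
    throw "PortNumber reads $check after the write; expected $NewPort."
}

Write-Host "PortNumber set to $NewPort. Reboot, then connect with hostname:$NewPort."
```

To revert, run `reg import` on the backup file, remove the two firewall rules and reboot.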
Lock down your RDP port with Cameyo
Rather than trying to dodge RDP security risks with Registry Editor workarounds, why not choose a digital workspace solution that enhances security while facilitating hybrid and remote work?
Cameyo’s virtual app delivery platform is built around a hardened Zero Trust security model, now considered a best practice among enterprise IT departments and cybersecurity experts alike. To that end, Cameyo makes use of multiple innovative technologies that mitigate risk and avoid common attack vectors like RDP port vulnerabilities. Some of these core technologies include:
- Secure Cloud Tunneling: Enables secure, user-friendly virtual app delivery independent of a VPN (which carries its own risks) and without needing to open any ports in the Windows firewall. You can read a detailed explanation of Cameyo’s Secure Cloud Tunneling here.
- Port Shield: Provides built-in security that dynamically opens or closes HTTP(S) and RDP ports in response to authenticated users. Even though the RDP listening port remains active, it’s inaccessible to non-authorized traffic—no Windows Registry Editor hacks needed. More info on Cameyo’s Port Shield is available here.
- NoVPN: Ensures that all data traffic is encrypted and that apps are delivered from a secure HTML5 browser via an HTTPS session. This effectively separates the client device from the corporate network. This Cameyo help center article has more details on NoVPN and how it works.
Technologies like these—not to mention additional ones like non-persistent servers and single sign-on (SSO) support—are what set Cameyo apart from other app virtualization solutions and remote work strategies. In a survey conducted by the research firm TechValidate, 98% of respondents reported that Cameyo’s security beats the competition (TVID: 8A7-240-702) while also being simpler to deploy and manage (TVID: FD6-B62-2F3).
Take advantage of your free trial of Cameyo today and start experiencing the benefits of virtual app delivery. Not only will it free you from having to wrestle with RDP port vulnerabilities, it will also give your remote workforce seamless, anywhere access to business-critical Windows apps, even legacy software (regardless of OS like Windows 7, Windows 10, etc.). You can also schedule a demo to have one of our engineers give you a guided tour of Cameyo and its features.